package com.weixin.api.content.shiro;

import com.weixin.domain.authority.EmployeeRoleRl;
import com.weixin.domain.authority.Resource;
import com.weixin.domain.authority.Role;
import com.weixin.domain.authority.RoleResourceRl;
import com.weixin.domain.sm.Employee;
import com.weixin.mapper.template.authority.EmployeeRoleRlMapper;
import com.weixin.mapper.template.authority.ResourceMapper;
import com.weixin.mapper.template.authority.RoleMapper;
import com.weixin.mapper.template.authority.RoleResourceRlMapper;
import com.weixin.mapper.template.sm.EmployeeMapper;
import com.weixin.response.LoginResponse;
import com.weixin.server.sm.EmployeeService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.List;

/**
 * @author lc
 * @email 389125111@qq.com
 * @create 2018-06-05 15:29
 */
public class ShiroRealm extends AuthorizingRealm {

    private Logger logger = LoggerFactory.getLogger(this.getClass());

    @Autowired
    private EmployeeMapper employeeMapper;
    @Autowired
    private ResourceMapper resourceMapper;
    @Autowired
    private RoleMapper roleMapper;
    @Autowired
    private EmployeeRoleRlMapper employeeRoleRlMapper;
    @Autowired
    private RoleResourceRlMapper roleResourceRlMapper;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        logger.info("doGetAuthorizationInfo+" + principalCollection.toString());
        Employee employee = employeeMapper.selectByPrimaryKey((Long) principalCollection.getPrimaryPrincipal());

        //把principals放session中 key=userId value=principals
        SecurityUtils.getSubject().getSession().setAttribute(String.valueOf(employee.getId()), SecurityUtils.getSubject().getPrincipals());

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        //赋予角色
        List<EmployeeRoleRl> employeeRoleRls = employeeRoleRlMapper.select(new EmployeeRoleRl() {{
            this.setEmployeeId(employee.getId());
            this.setDelTag(false);
        }});
        for (EmployeeRoleRl userRole : employeeRoleRls) {
            info.addRole(roleMapper.selectByPrimaryKey(userRole.getRoleId()).getRoleName());

            //赋予权限
            List<RoleResourceRl> roleResourceRls = roleResourceRlMapper.select(new RoleResourceRl() {{
                this.setRoleId(userRole.getRoleId());
                this.setDelTag(false);
            }});
            for (RoleResourceRl resourceRl : roleResourceRls) {
                info.addStringPermission(resourceMapper.selectByPrimaryKey(resourceRl.getResourceId()).getUrl());
            }
        }
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        logger.info("doGetAuthenticationInfo----------------" + authenticationToken.toString());

        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String userName = token.getUsername();
        logger.info("------------" + userName + " ---- " + token.getPassword());

        Employee employee = employeeMapper.selectByPrimaryKey(Long.valueOf(token.getUsername()));
        if (employee != null) {
            //设置用户session
            Session session = SecurityUtils.getSubject().getSession();
            session.setAttribute("user", employee);
            return new SimpleAuthenticationInfo(userName, employee.getPassword(), getName());
        } else {
            return null;
        }
    }

}
